Unit 4: Dealing with the website data

First Subject: Search for term page. Search_form.php
Second Subject: Delete term page. Del_Term.php
Third Subject: Edit term data page. edit_term.php
And the help page. Help.php

Unit 5: Securing the website of the Computer Photographic Term Dictionary

First Subject: Introduction to securing the web site
Second Subject: Creating a page for registering a new user. reg.php
Third Subject: Designing the sign-in page "signin.php" and the sign-out page "signout.php".
Fourth Subject: Securing website steps
Fifth Subject: Securing the MySQL database.

Unit 4

Dealing with the Website Data

At the end of the unit the student will be able to:

1- Create the search for term page.
2- Explain the PHP code which is concerned with creating the search for term page.
3- Follow the steps of searching for a term in the database.
4- Create the delete term page.
5- Know the parts of the PHP code which is concerned with executing the delete term page.
6- Execute the delete term process from the database.
7- Create the page for editing the data of a term by using PHP & HTML code.
8- Execute the process of editing the data of a term in the database.
9- Conclude the steps of creating the help page.
10- Cooperate with classmates in executing the unit activities.


Num | The page name | Its purpose | Description | Page planner
--- | --- | --- | --- | ---
1 | Main page index.php {has been created} | Activate the hyperlinks that could move from one page to another | It represents the beginning of the page that appears to the user the time it uploads. From it we can move to the other pages. |
2 | The connection page to the database connection.php {It has been created} | Achieving connection with the database. It is called before dealing with the data. | This page doesn't appear in front of the user; it is separated to have only a line of code that achieves this connection with the database at the beginning of the page, instead of repeating the connection code with the whole database. | PHP code for the connection to the database
3 | The header page header.php {It has been created} | Showing the photo banner and the hyperlinks that take us to all the pages; it is called at the beginning of every page | This page contains stable parts that we need to show in all the website pages, so it has been split into an independent page. It is called through writing a one-line code at the beginning of each page. |


We have finished 2 stages of the project, the first and the final vision, in which we specify the website pages and create some of them. We have already created some pages; the following table briefly describes the website pages and what we have executed.


Num | Page name | Its purpose | Description | Page planner
--- | --- | --- | --- | ---
4 | Add term page Add_term.php {it has been created} | Inserting a term & all its data in the terms table in the database. | An independent page; in it a code to call the header "header.php" & another code to call the connection page so we could add a new record to the database. |
5 | Search for a term Search_term.php {it hasn't been created} | Searching for a term in the terms table in the database. | An independent page; in it a code to call the header "header.php" & another code to call the connection page so we could search for a term in the database. |
6 | Page of editing term Edit_term.php {it hasn't been created} | Editing the data of a term in the terms table in the database. | When editing a term, we choose the term we want to edit, then we edit it and then save it. |
7 | Page of deleting term Del_term.php {it hasn't been created} | Deleting the data of a term in the terms table in the database. | We could delete the term that has been chosen. |
8 | Help page {it hasn't been created} | Show information about the website & what follows. | Usually we find in most of the web pages "About us"; in it some information about the headquarter the site belongs to and the way of communicating with it, like phone numbers, emails on the social networks. |


First Subject
Search for term page

Search_term.php

Learning outcomes:
At the end of the subject the student will be able to:

1. Explain the looping statements (do-while, while, for).
2. Design the interface of the search for term page.
3. Explain the HTML code of the search for term page.
4. Add PHP code to include the header & connection pages.
5. Add the parts of the PHP code in the right place inside the code page.
6. Cooperate with friends in writing PHP code for searching for a term.
7. Execute the search for term process.
Before creating the search for term page we should shed light on:
• The looping concept.
• Some looping statements in the PHP language.

In some programs we need to repeat a certain code many times, or to repeat it up to a certain limit. This is what we will use when writing the PHP code of the following pages:

Search for term page, edit term page.

Where:
• We need to repeat a certain code which deals with the table records; the term should be in the record and it is the same term which we search for or edit.
• Before, in the preparatory stage, you studied looping and learnt its main structure. The PHP language provides looping statements like (for, while, do...while).

Here are some examples of using the looping statements in PHP code.


Here is an explanation of using the looping statements through simple examples:

A- While statement

Some examples of the usage of while.

Writing code for printing the numbers 1:100 in the PHP language.

    (1) <?php
    (2) $x = 1;
    (3) while ($x <= 100)
    (4) {
    (5)     echo($x);
    (6)     echo("<br>");
    (7)     $x++;
    (8) }
    (9) ?>

The explanation of the code:

1) The beginning of the PHP code.
2) The variable starts with the value 1.
3) Executing all the instructions in the looping statement, which appear between the 2 brackets { }, as long as the condition is true, that is, as long as the variable $x is less than or equal to 100.
4) The beginning of the looping statement.
5) Printing the variable value.
6) Moving to a new line (executing HTML code inside PHP code).
7) Increasing the numerical variable by the value 1.
8) The end of the looping statement.
9) The end of the PHP code.


Printing the result of the total of 2 numbers by using PHP language 


Study the opposite code.
• Discuss with your classmates and your teacher.
• Specify the difference between this code and the previous code. Example 1 guides you.

Compare this code with what you studied in the preparatory stage.

    <?php
    $x = 1;
    $total = 0;
    while ($x <= 100)
    {
        $total = $total + $x;
        $x++;
    }
    echo "[Arabic caption, illegible in this copy]";
    echo "<br>";
    echo $total;
    ?>

Figure (1) PHP code for using the looping statement while.


Example 3:

Printing the numbers from 1:100 as follows:

    <?php
    for ($x = 1; $x <= 100; $x++)
    {
        echo($x);
        echo("<br>");
    }
    ?>

The explanation of the code:
1) The beginning of the PHP code.
2) The for statement, which contains three arguments:
   • $x = 1: the variable $x begins with the value 1.
   • $x <= 100: the condition that is tested (less than or equal to 100); repetition stops if the value of the variable $x is more than 100.
   • $x++: increasing the value of the variable $x by 1.
   • The instructions that follow are repeated as long as the condition in the for statement is true.


Using the do ... while statement to execute the previous example, printing the numbers from 1 to 100, as follows:

    <?php
    $x = 1;
    do
    {
        echo($x . "<br>");
        $x++;
    }
    while ($x <= 100);
    ?>

Explanation of the code, line by line:
1) The start of the PHP code.
2) A variable that holds the start of the numbers, with the value 1.
3) The statement "do" executes what follows.
4) The start of the repetition statement.
5) Printing the variable and moving to the next line.
6) Increasing the variable by the value 1.
7) The end of the looping statement.
8) The condition: repeating must stop if the variable value becomes more than 100.
9) Ending the code.


The following table explains how every statement works:

The looping statement | Explanation
--- | ---
While { } | It is used to execute an unknown or unlimited number of repetitions. These repetitions are executed only on one condition: at first the condition is tested, and if the result is true the following repetitions are executed; the repetition continues as long as this condition is true. If the condition is false the repetition can't be executed. Example: searching in a database and searching the internet.
Do { } while | It is used to execute an unlimited or unknown number of repetitions. The loop is executed once before testing the condition; if the condition is true, the loop is repeated and its instructions are executed; when the result becomes false the repetition stops and the loop is exited. Example: printing the primary value of the variable.
For { } | It is used to execute an unknown or unlimited number of repetitions. It works the same way as the while statement. Example: printing the email address of the ministry website 10 times.

After we have mentioned the looping statements and how to write them in the PHP language, we start creating the search for term page, as follows:

Figure (2) the suggested layout of search for term page.

The steps for creating search for term page

(1) Designing the interface of search term page.

The purpose of creating this page is searching for a term in the database, as it is one of the terms that are inserted in the terms table in dbdictionary; this is done by using the select statement.

Cooperate with your classmates to use what you studied in the programs of editing and processing pictures, to have a vision of the design of the interface of the search for term page.

• The web page title is "search for term".
• A form has been inserted from the toolbox window; it contains the control elements of the search page.
• The label "the search term" and next to it the text box where we insert the term that we need to search for.
• The command button 'search by word', which is responsible for executing the PHP code of the search for term process in the database.
• Insert a table in which only the first row appears. It holds the titles and the column headers under which the search results appear, by adding a row for every term that shows its data.

We can use some of the applications for creating web pages, like Expression Web, by writing text and inserting the controls from the toolbox window in design mode (as you learned when creating the add term page in the first term). The image of the search term page becomes as follows:


Figure (4) showing search for term page on the browser screen.


Remember:

In the Expression Web program, you can see the code that creates the table (which is inserted in Design mode). This is done by selecting the table and then showing the generated HTML code by pressing the Code button. It is:

    <table style="width: 100%" border="1">
    <tr>
    <!-- the four column titles are Arabic text that is illegible in this copy -->
    <td>[Arabic column title]</td>
    <td>[Arabic column title]</td>
    <td>[Arabic column title]</td>
    <td>[Arabic column title]</td>
    </tr>
    </table>

• <table ...>: showing a table whose width is 100% wide, with the frame and the thickness of the border which surrounds it.
• <tr>: declaring the row.
• <td>: declaring the columns, where every one of them contains the title of the field, and closing it with </td>.
(2) Write PHP code:

On loading the search page in the browser, you can show the search results for a term by the term number (code) or the term name in the database. Enter the term or the term number we want to search for. At this point the browser won't show the term data when we click the button (search by word / search button): there is no response and no data to be displayed, because there is no link between the controls on the browser and the content of the database. Therefore, we need to:

• Display the image banner and the title of the web pages at the top of the window, through adding the PHP code that includes the page "header" in the position referred to in (1) on the previous screen, by the following code:

    <?php
    include("header.php");
    ?>

• Include the page of connection to the database.
• Type the PHP code related to searching for a term in the database using its name or number, which we entered in the browser page, then displaying its data on the page.

Later, in detail, we will handle the abbreviated PHP code, which searches for the term data based on the term code (number) and displays it in one line on the browser window without formatting (so as to abbreviate the code). In the professional detailed code, we display the search result on the browser in an organized manner in a table based on the term name, showing the deficiencies in the abbreviated code.

Now we show the full HTML code of the search page and the places for writing the PHP codes.


    <html dir="rtl">
    <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
    <title>[Arabic: search for term]</title>
    </head>
    <body>
    <p class="style1"><span lang="ar-eg"><strong>[Arabic heading]</strong></span></p>
    <form method="post" action="search_term.php">
    <div>
    [Arabic: the search term]
    <input name="txt_search" type="text" style="width: 332px; height: 25px;">
    <input name="submit1" type="submit" value="[Arabic: search by word]" style="height: 26px">&nbsp;<br><br>
    <br>
    <table style="width: 100%" border="1">
    <tr>
    <td>[Arabic column title]</td>
    <td>[Arabic column title]</td>
    <td>[Arabic column title]</td>
    <td>[Arabic column title]</td>
    </tr>
    </table>
    </div>
    </form>
    </body>
    </html>

Positions marked in the figure: "Add PHP code number 1" beside the head of the page, and "Add PHP code number 2" beside the title row of the table.

Figure (5) HTML code which is about search for term page.


The abbreviated PHP code:

The final purpose of the PHP code is to search for a term in the database through the "search for term" page that was previously designed, using the term code or number. You can learn the codes of the terms by opening the database table "terms" and using the codes in searching for a term; this simplifies the PHP code and makes sure it functions well and simply. The following abbreviated code achieves this purpose.

    <?php
    include("connection.php");
    // run only when the search button has been clicked
    if (isset($_POST['submit1']))
    {
        $code = $_POST['code_search'];
        mysql_query("SET NAMES 'utf8'");
        // keep the result so that the loop below can read it
        $query = mysql_query("select * from terms where id=$code");
        while ($row = mysql_fetch_array($query))
        {
            $term = $row['term'];
            $trans = $row['trans'];
            $defe = $row['defe'];
            $picture = $row['picture'];
            echo("$term $trans $defe
            <input name='pic' type='image' src='$picture' width='80' height='80' />");
        }
    }
    ?>

In the previous abbreviated code, we notice the following:

• Including header.php
• Including the page of connection to the database "connection.php"

We will explain the code through the following:

Explaining the code:

Code | Explanation
--- | ---
<?php | The start of the PHP code.
if (isset($_POST['submit1'])) | Verify clicking the submit button: test the clicking of the search button. Then the code between the brackets { } is executed.
$code=$_POST['code_search']; | Assign the value that was entered in the text box to the variable $code.
mysql_query("SET NAMES 'utf8'"); | Using the mysql_query function to deal with the data on the browser in Arabic correctly and not in
$query=mysql_query("select * from terms where id=$code"); | We use the mysql_query function to execute a query that searches for the record number stored in the variable $code against its equivalent in the field "id" in the database table.


Searching for a term and displaying the result in a table:

    <?php
    if (isset($_POST['submit1']))
    {
        $txt_search = $_POST['txt_search'];
        mysql_query("SET NAMES 'utf8'");
        $sql = "select * from terms where term like '%$txt_search%' ORDER BY term ASC";
        $query = mysql_query($sql);
        $num = mysql_num_rows($query);
        // one table row is printed for every record found
        while ($row = mysql_fetch_array($query))
        {
            $term = $row['term'];
            $trans = $row['trans'];
            $defe = $row['defe'];
            $picture = $row['picture'];
            echo("<tr>
            <td>$term</td>
            <td>$trans</td>
            <td>$defe</td>
            <td><input name='pic' type='image' src='$picture' width='80' height='80' /></td>
            </tr>");
        }
    }
    ?>

Figure (7) PHP code that's about searching for term.


Explanation of the code:

Explanation | Code
--- | ---
The start of the PHP code. | <?php
Be sure of pressing on the submit button; test pressing on the "search by word" button. | if (isset($_POST['submit1'])) {
It picks the term or the value that has been inserted in the text box on the browser and puts it in the variable $txt_search. | $txt_search=$_POST['txt_search'];
Using mysql_query to deal with data on the browser screen in Arabic correctly, so that it won't be shown in question marks like ?????????. | mysql_query("SET NAMES 'utf8'");
Executing the query (save the result of the query in the variable). Using the select statement in searching for all the fields of the data table by using the "like" parameter and also the | $sql="select * from terms where term like '%$txt_search%' ORDER BY term ASC";
Using mysql_query: using this function in executing the query and putting the result in the variable $query. Notice: it's possible to write the select statement directly inside double quotation instead of the variable $sql. | $query=mysql_query($sql);
The values of the 4 variables are printed in a new row inside the previous table that is designed on the web browser screen, by writing HTML code inside the PHP language with the command echo ( ); | echo("<tr> <td>$term</td> <td>$trans</td> <td>$defe</td> <td><input name='pic' type='image' src='$picture' width='80' height='80' /></td> </tr>");
Closing the bracket } means going back to the While statement to repeat all the previous steps till finishing all the records in the query result $query. | }
Closing the last bracket } means closing the if statement at the beginning of the PHP code, then the end of the code. | } ?>
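
The search code above places the text typed by the user directly inside the select statement and prints the database values straight into the page. The following added example (not part of the original book) shows the same two searches with bound parameters and escaped output; it assumes PDO with an in-memory SQLite table in place of connection.php (the mysql_ functions used in this unit were removed in PHP 7.0), and its function names and sample rows are constructed for the illustration.

```php
<?php
// Added example, not the textbook's code. Assumptions: PDO with an in-memory
// SQLite table stands in for connection.php and the MySQL "terms" table;
// all function names are hypothetical.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE terms (id INTEGER PRIMARY KEY, term TEXT,
               trans TEXT, defe TEXT, picture TEXT)');
    $add = $db->prepare('INSERT INTO terms (term, trans, defe, picture) VALUES (?, ?, ?, ?)');
    // Constructed sample rows: one holds markup, one an apostrophe, one a "%".
    $add->execute(['RAM', 'memory', '<b>Volatile</b> working storage', 'pic/ram.png']);
    $add->execute(["Printer's driver", 'driver', 'Software that runs a printer', 'pic/drv.png']);
    $add->execute(['100% zoom', 'zoom', 'Actual-size view', 'pic/zoom.png']);
    return $db;
}

// Search by name: the typed text is bound as data, never pasted into the SQL.
function search_terms(PDO $db, string $needle): array
{
    // "%" and "_" typed by the user are matched literally, not as wildcards.
    $literal = strtr($needle, ['!' => '!!', '%' => '!%', '_' => '!_']);
    $stmt = $db->prepare("SELECT term, trans, defe, picture FROM terms
                          WHERE term LIKE :pattern ESCAPE '!' ORDER BY term ASC");
    $stmt->execute([':pattern' => '%' . $literal . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Search by code (the abbreviated variant): only a positive whole number is accepted.
function find_term_by_id(PDO $db, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;                    // not a number: no query is run
    }
    $stmt = $db->prepare('SELECT term, trans, defe, picture FROM terms WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Build the result rows; every database value is HTML-escaped before output.
function render_rows(array $rows): string
{
    $html = '';
    foreach ($rows as $r) {
        $html .= sprintf(
            "<tr><td>%s</td><td>%s</td><td>%s</td>"
            . "<td><input name='pic' type='image' src='%s' width='80' height='80' /></td></tr>\n",
            h($r['term']), h($r['trans']), h($r['defe']), h($r['picture'])
        );
    }
    return $html;
}

// Demonstration on the constructed rows.
$db = open_demo_db();
echo render_rows(search_terms($db, "r's"));   // search text containing an apostrophe
echo render_rows(search_terms($db, '%'));     // search text containing a wildcard character
echo render_rows(search_terms($db, 'ram'));   // row whose definition holds markup
var_dump(find_term_by_id($db, '1'));          // a whole number
var_dump(find_term_by_id($db, '1 x'));        // not a whole number
```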


Second subject
Delete term page
Del_term.php

Learning outcomes:
At the end of the subject the student will be able to:

1- Cooperate with his classmates to have a vision of the interface of the delete term page.
2- Create the delete term page in design mode by HTML code through the Expression Web program.
3- Use PHP code to include the two pages header & connection.
4- Explain the PHP code that's about delete term.
5- Execute the process of deletion of a certain term.

The steps of creating the delete term page Del_term.php:

(1) Designing the interface of delete term page.

The purpose of creating this page is to delete a term inside the database, among the other terms that have been inserted in the table of the database dbdictionary.

Cooperate with your classmates to use what you have studied before of page design programs like Expression Web to design the interface of the delete term page.

By pressing on the "split" button, you can show the page and the code which has been generated for creating it:


[Screenshot of the page in split view; legible marker: "Add PHP code No. 3" beside the table]

Figure (11) HTML code which is concerned with delete term page.
Writing PHP code:

The following figures explain the 4 parts of the code which will be added in their places in Figure (11). The first part is shown as follows:

Part 1:

    <?php
    include("header.php");
    include("connection.php");
    mysql_query("SET NAMES 'utf8'");
    $sql = "select * from terms";
    $query = mysql_query($sql);
    $num = mysql_num_rows($query);
    ?>

The code | Its explanation
--- | ---
<?php include("header.php"); include("connection.php"); | Start of the PHP code; including the header page and the page of connection with the database.
mysql_query("SET NAMES 'utf8'"); | Dealing with the data in Arabic.
$sql="select * from terms"; | Assign the Select statement as a string to the variable $sql.
$query=mysql_query($sql); | By using mysql_query, we execute the query and put its result inside the variable $query (all the records of the table terms).
$num=mysql_num_rows($query); ?> | Assign the number of records, by using mysql_num_rows, to the variable $num. At the end, the end of the PHP code ?>.

Part 2:
Number (2) in Figure (11) refers to it, as in the following: showing the number of terms (number of records) on the website page.

    <?php
    echo("<h1>[Arabic: number of terms] $num </h1>");
    ?>


Part 3:

    <?php
    while ($row = mysql_fetch_array($query))
    {
        // copy the fields of the current record into variables, as in the search page
        $id = $row['id'];
        $term = $row['term'];
        $trans = $row['trans'];
        $defe = $row['defe'];
        $picture = $row['picture'];
        echo("
        <tr>
        <td>$id </td>
        <td>$term </td>
        <td>$trans </td>
        <td>$defe </td>
        <td>
        <input name='termp' type='image' src='$picture' width='80' height='80'/>
        </td>
        <td>
        <a href='delete_term.php?id=$id'>[Arabic: delete]</a>
        </td>
        </tr>");
    }
    ?>

No: | Explanation | Code
--- | --- | ---
A | Start of the While statement. | <?php while($row = mysql_fetch_array($query)) {
B | The purpose of this code is showing all the records of the database table 'terms', as explained before. | echo(" <tr> <td>$id </td> <td>$term </td> <td>$trans </td> <td>$defe </td> <td> <input name='termp' type='image' src='$picture' width='80' height='80'/> </td>
C | Creating a hyperlink on the word "delete", which appears at the end of the row that is concerned with the term. The delete term page is called when pressing on it, with the ID which contains the number of the record we mean to delete. | <td> <a href='delete_term.php?id=$id'>[Arabic: delete]</a> </td> </tr>");
D | Closing the repeating loop While, closing the code. | } ?>


Part 4:

your teacher and classmates.

    <?php
    if (isset($_GET['id']))
    {
        $sqldel = "delete from terms where id='$_GET[id]'";
        $query = mysql_query($sqldel);
        header("Location:delete_term.php");
        exit;
    }
    ?>

Explanation | Code
--- | ---
The start of the code. | <?php
When pressing on the "delete" hyperlink, the delete page appears and we get the record we mean to delete. The result of the function isset($_GET['id']) becomes equal to true, so we execute the following instructions. | if (isset($_GET['id']))
Start of instructions. | {
Save the delete statement, which is concerned with deleting the record, in the variable $sqldel. | $sqldel="delete from terms where id='$_GET[id]'";
Redirecting (reloading) the deletion page to show the records after executing the deletion. | header("Location:delete_term.php"); exit;
The end of the (if) statement, the end of the code. | } ?>
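
In the delete code above, the record is deleted as soon as a link carrying ?id= is followed, and the id is placed inside the delete statement as typed. The following added example (not part of the original book) shows the same deletion done by a POST form that carries a per-session token, with the id checked as a whole number and bound as a parameter; it assumes PDO with in-memory SQLite in place of connection.php, and the field names "id" and "csrf", the form target and the function names are hypothetical.

```php
<?php
// Added example, not the textbook's code. Assumptions: PDO with in-memory SQLite
// stands in for connection.php; the field names "id" and "csrf", the form target
// and all function names are hypothetical.

// One random token per session; each delete form carries a copy of it.
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// A small POST form per row takes the place of the <a href='...?id=$id'> link.
function delete_button(int $id, string $token): string
{
    return sprintf(
        "<form method='post' action='del_term.php'>"
        . "<input type='hidden' name='id' value='%d'>"
        . "<input type='hidden' name='csrf' value='%s'>"
        . "<input type='submit' value='Delete'></form>",
        $id,
        htmlspecialchars($token, ENT_QUOTES, 'UTF-8')
    );
}

// Returns the number of rows deleted, or -1 when the request is refused.
function handle_delete(PDO $db, string $method, array $post, array $session): int
{
    if ($method !== 'POST') {
        return -1;                      // following a link must never change data
    }
    $sent = $post['csrf'] ?? '';
    $expected = $session['csrf'] ?? '';
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        return -1;                      // the form did not come from this site's page
    }
    $id = filter_var($post['id'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return -1;                      // id is not a positive whole number
    }
    $stmt = $db->prepare('DELETE FROM terms WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->rowCount();
}

// In the real page: call session_start(), pass $_SESSION as $session,
// $_SERVER['REQUEST_METHOD'] as $method and $_POST as $post; after a successful
// delete send header('Location: del_term.php') and exit, before any HTML output.

// Demonstration with constructed data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE terms (id INTEGER PRIMARY KEY, term TEXT)');
$db->exec("INSERT INTO terms (term) VALUES ('CPU'), ('RAM')");

$session = [];
$token = csrf_token($session);
echo delete_button(1, $token), "\n";

var_dump(handle_delete($db, 'GET',  ['id' => '1', 'csrf' => $token], $session)); // link-style request
var_dump(handle_delete($db, 'POST', ['id' => '1'], $session));                   // token missing
var_dump(handle_delete($db, 'POST', ['id' => '1', 'csrf' => $token], $session)); // valid form post
var_dump((int) $db->query('SELECT COUNT(*) FROM terms')->fetchColumn());         // rows left in the table
```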


Loading and showing the deletion page of a term in the browser window:

When loading the deletion page of a certain term, at first we show the terms and their data as in the following screen, through the address localhost/dictionary/del_term.php

Figure (12) showing deletion term page.

After that we select the term we want to delete.

We choose the record we want to delete in the deletion term page, then press on the delete button in front of the selected record (it could be the first record); then it is deleted and the internet browser screen appears as follows:

We have to be sure of deleting the record from the database:

To be sure of deleting a certain record (term data) from the database, we open the database in a new tab, then save the result in the browser, to be sure of deleting the record from the table terms:

"localhost/phpmyadmin"

Figure (14) a screen shows the database without the deleted term.


The Third Subject
Edit data page "edit_term.php"
Help page "help.php"

Learning outcomes:

At the end of this subject, the student will be able to:

1- Design an interface page of updating term.
2- Execute HTML code for creating the updating term page.
3- Select code in the PHP language that's suitable for inserting the header.php page.
4- Use code in the PHP language for the header & connection pages.
5- Explain code in the PHP language for updating term data.
6- Update data in the database table.
7- Cooperate with his classmates to be sure of updating the data of a term in the database.
8- Select the elements that could be shown in the Help page.
9- Create the Help page.

My dear student, you have learned that dealing with databases includes (adding - searching - deleting - updating).

Sometimes it requires updating or editing its data, so we have to create the edit term data page and save the updated data in the database.

Updating the term data is executed through the following stages:
• Creating the updating data page.
• Showing terms on the updating page.
• Choosing the term we need to update.
• Showing the data of the term we mean to update in the controls on the browser.
• Doing the update inside the database.
• Showing the data after updating.

Firstly: Creating the edit term data page:
Through one of the applications for creating web pages:

A- As we have created the (searching - adding - deleting) pages, we follow the same steps:
- Writing the page title and inserting a table. In the first row we write the column titles, as shown in the following screen:

Figure (15) Designing the interface of update term page.

B- Doing the processing and updating of the term data, then saving the updates in the database table. This is done through the PHP code parts that we add in the places referred to in the following figure:


    <html dir="rtl">
    <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
    <title>[Arabic page title]</title>
    </head>
    <body>
    <!-- php code number 1 -->
    <b><p>[Arabic heading]</p></b>
    <!-- php code number 2 -->
    <form method="post" action="edit_term.php">
    <!-- php code number 3 -->
    <table style="width: 100%">
    <tr bgcolor="[colour value illegible in this copy]">
    <td>[Arabic column title]</td>
    <td>[Arabic column title]</td>
    <td>[Arabic column title]</td>
    <td>[Arabic column title]</td>
    <td>[Arabic column title]</td>
    <td>[Arabic column title]</td>
    </tr>
    <!-- php code number 4 -->
    </table>
    <!-- php code number 5 -->
    </form>
    <form method='post' action='edit_term.php?id=$_GET[id]&amp;action=$_GET[action]' enctype="multipart/form-data">
    <hr style='color:orange;maroon;width:1267px'/>
    [Arabic heading]
    <hr style='color:orange;maroon;width:1267px'>
    <div>
    <!-- php code number 6 -->

Figure (16) HTML code that is about creating edit term page.
The abbreviated PHP code:

The final purpose of the PHP code is editing the data of a term ("term record") in the terms table in the database, through the updating page which was previously designed and created. This is done by displaying the data of all terms and choosing a specific term to update its data, as described in the more accurate PHP code, or by entering modified data for a particular term by its code. The term codes can be identified by opening the terms table; using the codes to modify the data of a particular term record simplifies the PHP code and ensures that it fulfills the purpose in a simple way. The following abbreviated code achieves this purpose:

    <?php
    include("header.php");
    include("connection.php");
    mysql_query("SET NAMES 'utf8'");
    if (isset($_POST['Submit1']))
    {
        // name and temporary location of the uploaded picture
        $fileName = $_FILES['filedata']['name'];
        $tmpName = $_FILES['filedata']['tmp_name'];
        move_uploaded_file($tmpName, 'pic/' . $fileName);
        // values typed into the form controls
        $iddata = $_POST['id_term'];
        $term = $_POST['txt_term'];
        $trans = $_POST['trans'];
        $defe = $_POST['TextAreal1'];
        $picture = "pic/" . $fileName . "";
        echo($picture);
        mysql_query("update terms set term='$term', trans='$trans',
            defe='$defe', picture='$picture' where id='$iddata'");
    }
    ?>


Code | Explanation
--- | ---
<?php | The beginning of the PHP code.
if (isset($_POST['submit1'])) { | Check the Submit button clicking: testing the "Update" button, and then the code between the brackets is executed.
$fileName = $_FILES['filedata']['name']; | Store the image file name in the $fileName variable.
$tmpName = $_FILES['filedata']['tmp_name']; | Store the image inside the $tmpName variable.
move_uploaded_file($tmpName,'pic/'.$fileName); | move_uploaded_file: the function used to upload the file. It needs two parameters: the first is the image and the second is the image file name and its path.
$iddata=$_POST['id_term']; $term=$_POST['txt_term']; $trans=$_POST['trans']; $defe=$_POST['TextAreal1']; $picture="pic/" . $fileName . ""; | Through corresponding assignment statements, the values of the fields are stored in the five variables ($term - $iddata - $trans - $defe - $picture). For example, the value of the field 'id_term' has been assigned to the variable $iddata, and so on for the other variables.
echo ($picture); | Print the content of the variable $picture on the Internet browser screen, by typing HTML code into PHP with the command echo( ).
mysql_query("update terms set term='$term', trans='$trans', defe='$defe', picture='$picture' where id='$iddata' "); | Use the function mysql_query. This function is used to perform an update query on the terms table for each of the fields (term, trans, defe, picture), for the record with the id code, and the query output in the $query variable. Thus, the value of each field in the data record whose id is equal to the given value is modified by the new value entered in the controls on the browser screen, which were previously stored in the variables referred to.
} ?> | Closing the last bracket } means closing the IF statement that is mentioned at the beginning of the PHP code. Then the end of the code.


When you execute the previous code, you will modify the entire record or term data in the "Terms" table in the database. However, some limitations in the abbreviated code may be covered in code (b) more professionally.

(1) The amendment is primitive: all the term data is inserted as if it were a new term, and then the record is updated based on the number or code of the term.

(2) The best way of modifying the term data is that all terms data are displayed in front of the user; then, by pressing a button or an adjustment link next to a specific term, only its data is called, only the data of the term to be updated is modified, and then the data table is updated.

(3) If the user presses the "Edit" button and no data is entered except the term code, all data of the record fields are updated with null values.

(4) The primitive data update method does not give options to the user.

(5) Modifying term data requires knowledge of the term codes, or opening the data table and access to the term codes. This method is not practical, so it is best to view the term data and choose the update process for a particular record or term.

(6) When you modify the term data, a message does not appear stating that the modification was successful or that there is a problem, so it is preferable to show a message to the user explaining that the update was successful.

(7) It is also best to view all the terms data before updating and then re-display all the terms data after the update, to make sure that the modification has already been made.
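
In the abbreviated update code, move_uploaded_file stores the picture under 'pic/' with the file name sent by the browser, so the name and the type of the stored file are decided by the user. The following added example (not part of the original book) checks that the upload really is a picture and gives it a name generated on the server; it assumes the upload field "filedata" and the folder "pic/" from the code above, while the size limit and the function names are hypothetical.

```php
<?php
// Added example, not the textbook's code. Assumptions: the upload field is
// "filedata" and pictures are kept in "pic/", as in the page's code; the size
// limit and the function names are hypothetical.

const ALLOWED_TYPES = [IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_GIF];
const MAX_BYTES = 2 * 1024 * 1024;

// Choose the stored name from the file's content, never from the name the
// browser sent: $_FILES[...]['name'] is user input and may hold "../" or ".php".
function picture_name_for(string $tmpPath): ?string
{
    if (!is_file($tmpPath) || filesize($tmpPath) > MAX_BYTES) {
        return null;
    }
    $info = @getimagesize($tmpPath);            // reads the image header
    if ($info === false || !in_array($info[2], ALLOWED_TYPES, true)) {
        return null;                            // not one of the accepted image types
    }
    // random server-side name plus the extension that matches the detected type
    return bin2hex(random_bytes(16)) . image_type_to_extension($info[2]);
}

// Web handler: returns the path to save in terms.picture, or null when refused.
function store_picture(array $file, string $dir = 'pic'): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_string($file['tmp_name'] ?? null)) {
        return null;                            // nothing uploaded, or the upload failed
    }
    $name = picture_name_for($file['tmp_name']);
    if ($name === null) {
        return null;
    }
    $target = $dir . '/' . $name;
    // move_uploaded_file() itself refuses files that are not real HTTP uploads.
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}

// In edit_term.php: $picture = store_picture($_FILES['filedata']);
// when it is null, keep the old picture and leave that column out of the update.

// Demonstration from the command line with two constructed files.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7')); // constructed 1x1 GIF
$text = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($text, "plain text that was sent under the name photo.php\n");         // constructed non-image

var_dump(picture_name_for($gif));
var_dump(picture_name_for($text));
unlink($gif);
unlink($text);
```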


More accurate PHP code:

Code number 1. The purpose of the code: including the Header page.

    <?php
    include('header.php');
    ?>

Code number 2. The purpose of the code: do the connection with the database and count the number of records that we want to update; show all records of the terms page.

    <?php
    include('connection.php');
    mysql_query("SET NAMES 'utf8'");
    $sql = "select * from terms";
    $query = mysql_query($sql);
    $num = mysql_num_rows($query);
    ?>

Code number 3. The purpose of the code: showing the number of records that are available to update. By studying the code, it shows that it prints the number of terms, and next to it the value of the variable $num, which contains the number of terms which we get from the previous code (part 2).

    <?php
    echo("<h1>[Arabic: number of terms] $num </h1>");
    ?>

Code number 4. The purpose of the code:
A- Searching for the first record and saving the data in variables, using the looping statement While to do the code between the two brackets according to the number of results: the first data record is taken from the database table by the query mysql_fetch_array, then the pointer moves to the next record and puts it in the 5 variables.
B- Inserting a new row in the table of the browser screen, which contains the values of the 5 variables, and showing it in the table which we have to correct; it contains 6 columns.

    <?php
    while ($row = mysql_fetch_array($query))
    {
        $id = $row['id'];
        $term = $row['term'];
        $trans = $row['trans'];
        $defe = $row['defe'];
        $picture = $row['picture'];
        echo("
        <tr>
        <td>$id</td>
        <td>$term</td>
        <td>$trans</td>
        <td>$defe</td>
        <td> <input name='termp' type='image' src='$picture' width='80' height='80'/>
        </td>
        </tr>");
        // the rest of the row in the figure is not legible in this copy
    }
    ?>


Thirdly: upload and update term data through web browser:

After finishing creating the page, you can open it through the web browser to try executing it and to be sure that the code works correctly, as in the following screen, by writing the following address:

localhost/dictionary/edit_term.php

Updating term

We choose the record we mean to update in the edit term page, then we click on the update hyperlink of the chosen record (it could be the first record). The update code is executed, then the web browser page appears with the term data at the end of the page, where the user can update the term data and click on the adding button, as shown on the following screen:

Figure (18) Executing editing term on the web browser window. (Callout in the figure: Add data after update.)

After updating and clicking adding, the term data appears on the same web browser screen as in the following figure:

Figure (19) showing the data on the web browser window after executing

Fourthly: The certainty of updating term data in the database:

You can open the database in a new tab of the web browser by writing the following link (localhost/phpmyadmin) in the address line and watching the record after updating, where the database appears:

Figure (20) the certainty of updating/editing data in the database table.

Creating help page:

A help page is available in most websites. It supplies the user with the information he needs to know how to deal with the pages of the website. The page includes:

1- An explanation of how to use the website.
2- Direct hyperlinks to some of the website pages.
3- Search for how to do tasks on the website.
4- Some help programs.
5- Hyperlinks to external sites.


Unit 5 


Securing the Website "The Computer Photographic Terms Dictionary"


At the end of this unit the student will be able to:


1- Recognize some concepts and special terms concerning securing websites.

2- Create a registration page for a new user.

3- Create the sign-in page (signin.php) and the sign-out page (signout.php).

4- Design an electronic means to spread awareness of the secure use of the internet.

5- Discuss some concepts and issues concerning safe thinking and safe information when using communication and information technology means.

6- Follow and respect the ethics and principles of free thinking when dealing with information, equipment, networks, services and applications of the web.

7- Keep the ethics and principles of law when using information devices and networks.

8- Follow the ways of protecting application programs from the risks that they might face.

9- Follow the ways of protecting websites and the database from the risks that they might face.

10- Document information that he gets from electronic information resources.


the ways of protection in case of breaking through the website in general. Let's start by explaining the following:

- Conceptive entry for securing the websites.
- Creating a page for registering a new user.
- Creating a page for signing in and signing out.
- The necessary procedures for securing the web.

The first subject


An entry in securing websites


Learning outcomes:


At the end of this subject, it's expected that the student will be able to:


1. Know what's meant by penetration.
2. Explain the ways of protecting a website.
3. Search through electronic information resources for ways and styles of penetrating websites.
4. Conclude how to protect the photographic terms dictionary website.


Securing websites is a necessity to stop penetration, which leads to many harms and negative results like:

- Stealing or losing an important database, which may lead to great problems in all fields.
- Obtaining institutional or personal information, with the harm that this may cause.
- Showing unsuitable content that might contain political, religious or ethical attitudes.
- Deforming the image of the foundation or the person who owns the website generally.


The penetration concept:

Website penetration, generally called website hacking, is the penetrator (the hacker) using a way or a weak program that enables him to gain the authority to control the website management or to deal with its database in any way (showing, deletion, editing and so on).


The ways of protecting the website:

1- Protecting the server (website hosting):
Protecting the website here is the responsibility of the server or website hosting, which sets the security options and controls them, and also bears the responsibility for many challenges, especially in the operating system of the server.


2- Protection by the website developers:

The website developers and those who are in charge of the website are responsible for protecting it through:

- Being sure of the inputs before storing them in the database.
- Encrypting passwords.
- Managing the important website folders with strong passwords.
- Specifying the user's permissions correctly and clearly.


Some precautions to keep the website secure:


1- Keep software up to date
Be sure to continually update the programs that are in use, especially those used for managing and designing the website, whether it is the operating system of the server or any other program that works on the website.


2- Dealing with error messages
When creating a website, error messages might appear, for example that there is no connection to the database or that the term was not saved in the table correctly, so it's necessary to know the possible errors and try to hide them, because these errors make the website weak and easy to penetrate. We should therefore replace any error with another message that will appear to the user.


For example, this message appears when you use an undeclared variable:


Notice: Undefined variable: ss in C:\xampp\htdocs\dictionary_tv\test].php on line 14


So we must expect that and deal with it programmatically, through well prepared messages that don't give the user information that could be used for penetration. For example, when there is an incorrect password, a message appears saying that the username or the password is incorrect.


You will learn in this unit the skill of showing an error message in different situations.


3- Input Data Validation

We must be certain that the data input by the user (the website visitor) is valid. If this doesn't happen, it paves the way to penetrating the website by inserting inputs that cause penetration, so one of the main bases of protection from penetration is to be sure of the user input data.
For example, being certain that the field contains values that don't exceed a certain number of letters, or that the field is not empty. That's done by the (if) clause in the code of the language used, to be sure of the input data validity.


We can do that on two levels:


Firstly: on the server, by using PHP code.
Secondly: on the client, by using JavaScript code.


For example, the following code is used to be certain that the fields are not empty by using PHP code, and it's done through the website code.


if ($term !== "" && $trans !== "" && $defe !== "" && !empty($file))
{
// The code that is executed when it is certain that the previous variables are not empty.
}

4- Passwords:


Passwords should be complicated so that it would be difficult for a penetrator to discover them, especially the server password, the site admin password and the database passwords.

For the private passwords of the website users, we could force the user to insert a password with special characteristics, for example a number of letters not less than 8, with capital letters, numbers and special signs.


5- Avoid inserting SQL statements, usually known as SQL injection, when dealing with sites:

A penetrator might try inserting special parameters inside an SQL statement through the site's database input form, so that it is executed on the database without informing the designer or the person in charge of the site and gives other results; the penetrator could use them badly or make bad changes in the data table. To secure against that we use the mysql_real_escape_string function to prevent inserting an SQL statement into the database, so it won't be executed on the database.


6- Avoid writing XSS (cross-site scripting) code through the website.


If there is no programming to be sure of the inputs, the penetrator gets the chance to write code in the site and may insert code into the web pages, which may lead to negative effects and risks to both the user and the website owner.


For example:
If there is a form that allows the user to write a comment and then shows all comments, the penetrator will use it to write JavaScript code, for example. When the comment is sent to the server, this code is stored in the database, and when it is shown in the HTML page the code is executed. This may redirect the user to another page with harmful content or to a phishing page (one that contains a fake form to get important data from a user visiting the site, like passwords or a visa card number).
We can avoid that by using a suitable programming style, like not allowing any script in the comments fields.
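
The comment case described above, as an added example that is not part of the original book: the same stored comments printed once as raw HTML and once encoded with htmlspecialchars, so script text is displayed instead of executed. The comments, the class name and both function names are constructed for the illustration.

```php
<?php
// Added example (not the textbook's code): printing stored comments safely.
// Comments and function names are constructed for this illustration.

// Unsafe form: whatever was stored becomes part of the page's HTML.
function render_comment_unsafe(string $author, string $text): string
{
    return "<div class='comment' title='$author'><b>$author</b>: $text</div>";
}

// Safe form: every value is encoded for HTML at the moment it is printed.
// ENT_QUOTES also encodes ' and ", which matters inside the title attribute.
function render_comment(string $author, string $text): string
{
    $a = htmlspecialchars($author, ENT_QUOTES, 'UTF-8');
    $t = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    // nl2br() runs after encoding, so the only tags in the output are our own.
    return "<div class='comment' title='$a'><b>$a</b>: " . nl2br($t) . "</div>";
}

// Constructed rows, as they would come back from the comments table.
$comments = [
    ['ahmed',   "Clear definition.\nThanks!"],
    ['visitor', "<script>alert(1)</script>"],
    ["o'neil",  'A quote in the name breaks the unsafe title attribute.'],
];

foreach ($comments as [$author, $text]) {
    echo "unsafe: ", render_comment_unsafe($author, $text), "\n";
    echo "safe:   ", render_comment($author, $text), "\n\n";
}
// In the safe lines the script tag appears as &lt;script&gt;... and the quote
// as &#039;, so the browser shows them as text and runs nothing.
```

The same encoding applies to every value taken from the database or the session before it is echoed, including the user name in the welcome message.
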
7- File Uploads:
Allowing file uploads to your site may cause great risks, which we should avoid by following programming precautions. A file may contain script code that is executed as soon as it is opened on the server, and then your site becomes a victim of the penetrator. We can treat this probability by testing the uploaded files.


For example:

Be sure of the file identity: if the file is supposed to be an image, we should be sure that it is one. The PHP language affords many programming styles to be sure of the file identity, as in the following code:


$file = $_FILES['uploadedfile'];
$allowedExtensions = array("jpg","jpeg","gif","png");
// The result of explode() is stored in a variable because end() takes its argument by reference.
$parts = explode('.', $file['name']);
if (!in_array(end($parts), $allowedExtensions))
{
echo 'Allowed file types, eg: jpg, jpeg, gif, png';
exit(0);
}


Function array

It creates a new array which contains a group of elements.

Function in_array

in_array (the element to search for in the array, the array elements)
It makes sure that the 1st parameter exists among the elements of the array (2nd parameter).

Function end

It is one of the array functions, and it returns the value of the last element in an array.


Function explode

explode('.',$file['name'])

Its job is to convert a variable into an array which contains several elements, and it takes two parameters:

1st: the separator between the variable contents, which could be (space, dash, full stop); in the example it is (.)
2nd: the variable content which is to be converted, and it is ($filename).
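
The extension test above looks only at the file name. The following added example, which is not part of the original book, also checks the file content with getimagesize and generates the stored name on the server; the function name, the size limit and the two sample files are assumptions made for the illustration, and PHP 7.1 or later is assumed.

```php
<?php
// Added example (not the textbook's code): checking an uploaded image by its
// content as well as by its name. Names and limits are assumptions.

const MAX_UPLOAD_BYTES = 2 * 1024 * 1024;
// Accepted image types, each with the extensions a file of that type may carry.
const ALLOWED_TYPES = [
    IMAGETYPE_JPEG => ['jpg', 'jpeg'],
    IMAGETYPE_GIF  => ['gif'],
    IMAGETYPE_PNG  => ['png'],
];

// $file is one entry of $_FILES. Returns [true, stored name] or [false, reason].
function check_image_upload(array $file): array
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return [false, 'The upload did not complete.'];
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_UPLOAD_BYTES) {
        return [false, 'The file is empty or too large.'];
    }
    // Lower-casing the extension means PHOTO.GIF is treated like photo.gif.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    // getimagesize() reads the file header and returns false for non-images.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !isset(ALLOWED_TYPES[$info[2]])) {
        return [false, 'The file content is not a JPEG, GIF or PNG image.'];
    }
    if (!in_array($ext, ALLOWED_TYPES[$info[2]], true)) {
        return [false, 'The file extension does not match the file content.'];
    }
    // The stored name is generated here; the visitor's name is never used in a path.
    return [true, bin2hex(random_bytes(16)) . '.' . $ext];
}
// On a real request, also confirm is_uploaded_file($file['tmp_name']) and store
// the file with move_uploaded_file() in a folder where scripts are not executed.

// Constructed sample files: a minimal GIF header and a text file with PHP code.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, 'GIF89a' . pack('v', 1) . pack('v', 1) . "\x00\x00\x00;");
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "<?php echo 'hello'; ?>");

$samples = [
    ['name' => 'camera.GIF', 'tmp_name' => $gif],  // image, upper-case extension
    ['name' => 'camera.png', 'tmp_name' => $gif],  // GIF content under a PNG name
    ['name' => 'lens.png',   'tmp_name' => $txt],  // script text under an image name
    ['name' => 'lens.php',   'tmp_name' => $txt],  // script text under its own name
];
foreach ($samples as $s) {
    $s += ['size' => filesize($s['tmp_name']), 'error' => UPLOAD_ERR_OK];
    [$ok, $detail] = check_image_upload($s);
    echo str_pad($s['name'], 12), $ok ? "accepted as $detail" : "rejected: $detail", "\n";
}
unlink($gif);
unlink($txt);
```

Only camera.GIF is accepted. The file lens.png would pass a check of the extension alone, and is rejected here because its content is not an image.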


8- Secure Socket Layer SSL:

It is a protocol that supports secure dealing between the web server and the web browser through a mediator called a certificate authority (CA) and could be translated by a translation sector. This affords secure pages which use the HTTPS protocol instead of HTTP, especially for websites which deal with financial dealings or important data forms.


Example: 
Using applications and website security tools.
After finishing designing the website, we should test the web security. The effective way is to use applications and web security tools against penetration, using code and ways similar to what penetrators use; this is sometimes called pen testing or penetration testing.


There are a lot of applications that test website security against penetration; some of them are free or open source.

Examples of these applications: 

1- OpenVAS:

It is considered one of the biggest open source applications and is widely used for testing web security.

2- Netsparker:

It is good for testing SQL injection and XSS.


Securing the photographic terms dictionary website through:


1- Registering the website users by creating a new user registration page (reg.php) and saving their data in the database.
2- Confirming the login to allow the insertion, changing and deleting processes by creating signin.php.
3- Encrypting any user password.


The second subject:


Creating registration page (reg.php)


Learning outcomes:


At the end of the subject, it is expected that the student will be able to:


1. Design the new user reg.php page.
2. Create the users table in the database.
3. Differentiate between get & post in sending the data to the server.
4. Explain the probabilities of making mistakes in inserting a wrong username & password.
5. Share with his classmates in explaining the PHP code for creating reg.php.
6. Try reg.php to specify problems.
7. Know the procedures to solve the problems of creating the new user reg.php.
8. Explain the conditional statement (if) in the PHP code that is about confirming that the passwords are identical.
9. Search through the electronic information resources for types & styles of securing passwords.


Securing the photographic terms dictionary website requires the previous procedures. We discuss them, starting with creating the new user page reg.php.


Firstly: creating a new users table called users in the database dbdictionary, which contains the following fields:


Table: Users


Figure {21} Designing users table


You have studied before the steps of creating the users table in dbdictionary; follow these steps using the following:


1. Run the XAMPP control panel from the start menu as follows:
Fig. 22 Run the XAMPP Control Panel


2. A table has been created in the database.
Figure (23) users table in the data base.


Secondly: creating the new users reg.php page


1- Open the dictionary website for changing it and inserting a PHP page, by using Expression Web.


2- Create a new page of PHP type as in the following figure:


Figure (24) creating a PHP page in the Expression Web application


3- Insert a form with the objects in it as below. New users registration:


Figure (25) inserting a form that contains some of the controls in Expression Web.


4- Adjust the form characteristics; be sure of specifying the value post for the method as in the following figure:


Figure (26) adjust the form characteristics


5- Study the HTML code as in the figure:


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="en-us" http-equiv="Content-Language">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>New users registration</title>
</head>
<body dir="rtl">
<div>
<span lang="ar-eg"><strong>New users registration</strong></span>
<div>
<form method="post" action="reg.php">
User name: <input name="txt_user" style="width: 307px" type="text"><br><br>
Password: <input name="txt_pass" style="width: 307px" type="password"><br>
Confirming password: <input name="txt_con" type="password"><br>
<input name="Submit1" style="width: 149px" type="submit" value="Register"><br>
</form>
</div>
</div>
</body>
</html>


In the window of the form characteristics, post has been marked for the method and not get.


Figure (28) adjust the characteristics method of the form.


Examine the HTML code in the beginning tag of the form to be sure that the value of the method is equal to post, as in the following:


<form method="post" action="reg.php">


What is the importance of specifying the value post, not get, in the characteristics of the form?


The importance of the form & how to create it:


A form is used for passing or sending all the data that exists in all the controls from the web page to the web server.


There are 2 ways for sending the form data:


1- <form method="GET">

2- <form method="POST">


- When clicking on the submit button, an HTTP request is made for sending the form data to the web server.

- The request relies on the method, whether it is get or post.

- In case post is assigned, secret and secured data is sent, while get is used in certain cases. Some of them:

- If the data is little.

- If the data is not secret, because it appears on the address line of the internet screen.


PHP code no 1 (note: we should write this code at the beginning of the page, before the code):

<?php
session_start();
?>

PHP code no 2:

<?php
include("header.php");
?>

PHP code no 3:

<?php
include("connection.php");
if(isset($_POST['Submit1']))
{
$txt_user=$_POST['txt_user'];
$txt_pass=$_POST['txt_pass'];
$txt_con=$_POST['txt_con'];
mysql_query("SET NAMES 'utf8'");
$query=mysql_query("insert into users values('','$txt_user','$txt_pass')");
}
?>


Explaining parts of PHP code.


1- PHP code:

<?php
session_start();
?>

It refers to a session declaration inside the code at the beginning of the page.

Session:

It's a way of storing data in a variable inside the server for one user.

This variable is available for use through all the website pages, all the time the user browses the pages.

When dealing with the user sign-in page, we should be sure whether the user has signed in or not by using the session variables through the website pages. We do this by adding the previous code at the beginning of each website page in which we need to use session variables. For dealing with the session we should use the previous code at the beginning of the page.


2- PHP code

<?php
include("header.php");
?>

The code refers to including header.php as explained before.


3- PHP code

<?php
include("connection.php");

It refers to including the page that is connected to the database, as explained before.

- The variable $_POST is used to get the value of the controls just after clicking on the submit button.
- We use the (if) statement to be sure of pressing the submit button:

if(isset($_POST['Submit1']))

- The content of the controls on the form is assigned to variables:

$txt_user: User name
$txt_pass: Password
$txt_con: Confirming password

- Using the function mysql_query as follows helps to solve the problem of dealing with data on the browser screen in the Arabic language correctly, without question marks:

mysql_query("SET NAMES 'utf8'");

- Through mysql_query the user values are inserted. They are the username and password in the variables $txt_user and $txt_pass, and the value true is assigned to the variable $query in case the insertion process succeeds in the users table in the database. Note: the SQL statement "insert into" is used to add the data of a new record to the users table in the database.

$query=mysql_query("insert into users values('','$txt_user','$txt_pass')");


Thirdly: trying and running the reg.php page in the browser window to specify problems and treat them:


- Open the page in the browser by the following address:

http://localhost/dictionary/reg.php


Then follow the following procedures, opening the users table each time and noting the effect of the input in the table:


Procedure steps in reg.php, each followed by the effect of the input in the users table:

1. Insert a username, insert the 2 passwords, click on the register button, open the users table, notice whether data has been added or not, and record your notes.
   Effect in the users table: a row is added with id 17, username ahmed, password moon.

2. Insert a new user, leave the password field empty, and record your notes.
   Effect in the users table: a row is added with id 22, username abdallah and an empty password.

3. Insert a new user, insert two unidentical passwords, and record your notes.
   Effect in the users table: a row is added with id 23, username ansary, password sun.

4. Insert the two passwords, leave the user's name field empty, and record your notes.
   Effect in the users table: a row is added with id 24, an empty username and password moon.

5. Leave all the fields empty and record your notes.
   Effect in the users table: a row is added with id 25 and empty username and password.

6. Insert the same user more than once and record your notes.
   Effect in the users table: rows are added with ids 26, 27 and 28, each with username youssif and password sun_shine.


Figure (30) the probabilities of inserting the user name and password.
After studying the possible procedures and their data in the reg.php page and their effect on the inputs in the users table, it is clear that the form in this shape has no security rules or precautions, for the following reasons:

- There is no certainty of data validation (for example, empty fields are accepted and there is no test for identical passwords...).

- The user name is repeated in the users table, and this is illogical, as there should not be more than one user with the same username.

- The password is stored clearly, without encryption.
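
The three weaknesses listed above, handled in one registration routine, as an added example that is not the book's reg.php. It assumes PHP 7.1 or later and uses an in-memory SQLite database through PDO in place of the MySQL database so that it runs offline; the function names and the sample inputs are constructed.

```php
<?php
// Added example (not the textbook's code): registration with input validation,
// a unique user name, a hashed password and a parameterised INSERT.
// Assumption: SQLite in memory stands in for MySQL; on the real site only the
// PDO connection string changes. All function names are hypothetical.

function open_users_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // UNIQUE plays the role of ALTER TABLE `users` ADD UNIQUE(`username`).
    $db->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        username TEXT NOT NULL UNIQUE,
        password TEXT NOT NULL)');
    return $db;
}

// Returns a list of problems; an empty list means the input may be stored.
function validate_registration(string $user, string $pass, string $confirm): array
{
    $errors = [];
    if ($user === '' || strlen($user) > 30) {
        $errors[] = 'The user name must not be empty or longer than 30 bytes.';
    }
    if (strlen($pass) < 8) {
        $errors[] = 'The password must have at least 8 characters.';
    }
    if (!preg_match('/[A-Z]/', $pass) || !preg_match('/[0-9]/', $pass)
        || !preg_match('/[^A-Za-z0-9]/', $pass)) {
        $errors[] = 'The password needs a capital letter, a number and a special sign.';
    }
    if ($pass !== $confirm) {
        $errors[] = 'The two passwords are not identical.';
    }
    return $errors;
}

function register_user(PDO $db, string $user, string $pass, string $confirm): array
{
    $user = trim($user);
    $errors = validate_registration($user, $pass, $confirm);
    if ($errors) {
        return $errors;                        // nothing is written to the table
    }
    // Salted one-way hash: the table never holds the password itself.
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    try {
        // Placeholders keep the input out of the SQL text.
        $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
        $stmt->execute([$user, $hash]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') {  // SQLSTATE of a broken UNIQUE rule
            return ['This user name is already registered.'];
        }
        error_log($e->getMessage());           // details go to the log, not to the visitor
        return ['Registration failed. Please try again later.'];
    }
    return [];
}

// Constructed inputs that repeat the test cases of Figure (30).
$attempts = [
    ['ahmed',    'Moon#2024',  'Moon#2024'],   // complete and valid
    ['abdallah', '',           ''],            // empty password
    ['ansary',   'Sun#2024a',  'Sun#2024b'],   // unidentical passwords
    ['',         'Moon#2024',  'Moon#2024'],   // empty user name
    ['youssif',  'Sun_shine1', 'Sun_shine1'],  // valid
    ['youssif',  'Sun_shine1', 'Sun_shine1'],  // the same user again
];

$db = open_users_db();
foreach ($attempts as [$user, $pass, $confirm]) {
    $errors = register_user($db, $user, $pass, $confirm);
    echo str_pad("'$user'", 12), $errors ? 'rejected: ' . implode(' ', $errors) : 'stored', "\n";
}

// Only the two valid users are in the table, each with a hash instead of a password.
foreach ($db->query('SELECT id, username, password FROM users') as $row) {
    echo $row['id'], ' ', $row['username'], ' ', substr($row['password'], 0, 7), "...\n";
}
```

With these inputs only ahmed and youssif are stored, and the second youssif attempt is refused by the unique rule instead of producing a repeated row.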


For treating these problems, we should do the following:


1- Treating repetition in the username field in the users table


To treat repetition we should do the following:
- Click on structure in the MySQL page, as you learned, to show the characteristics of the users table.
- Click to make the field unique (a unique field doesn't accept repetition).

Figure (31) updating the properties of username to stop repetition


After clicking on unique, which means that the field doesn't accept repetition, a window appears as follows:


Do you really want to execute "ALTER TABLE `users` ADD UNIQUE(`username`);"?

OK   Cancel

(Callout in the figure: Alter. Unique: it means unique in the field characteristics.)

Figure (32) a confirmation box for making the username unrepeated "unique"


- Click on OK; a window appears which shows the inability of the field to be unique, because there is one repeated record or more.
- So it is better to adjust unique before inserting data.


#1062 - Duplicate entry 'youssif' for key 'username'


Figure (33) Error message because of the inability to add the unique property, because there is a repeated username.


- When this process succeeds (there are no repeated records), no error message like the previous one appears, and the following message appears:


Your SQL query has been executed successfully.

ALTER TABLE `users` ADD UNIQUE(`username`)


The third subject


Designing the sign-in page signin.php and the sign-out page signout.php


Learning outcomes


At the end of this subject:
1. Create the sign-in page by using Expression Web.
2. Cooperate with classmates to study the HTML to create the sign-in page.
3. Create the sign-out page by using Expression Web.


Firstly: Creating signin.php by using Expression Web:

How it works:


1- The user inserts the username and password, then clicks on the enter button.


2- The users table is searched for the user name; if it exists, the password of the user is compared with the stored password in the users database table.


3- If it is right, the user name will be stored in the session variable and a welcome message with the username is shown.


4- If it is not right (there's a mismatch between the username and password), an error message appears.

5- There are other pages affected by signing in, like the adding term page, the updating page and the deleting page, where we should change the code in every one of them so that we can't complete adding, updating or deleting except after signing in to the website.
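
The five steps above as code, in an added example that is not the book's signin.php. It assumes PHP 7.1 or later, passwords stored with password_hash, and an in-memory SQLite database through PDO in place of MySQL; the function names and the sample user are constructed.

```php
<?php
// Added example (not the textbook's code): the sign-in check and the page guard.
// Assumptions: SQLite in memory stands in for MySQL; names are hypothetical.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
// Constructed sample user; the table holds a hash, not the password.
$db->prepare('INSERT INTO users (username, password) VALUES (?, ?)')
   ->execute(['ahmed', password_hash('Moon#2024', PASSWORD_DEFAULT)]);

// Steps 1-4. Returns '' on success, otherwise the message to show the visitor.
function sign_in(PDO $db, string $user, string $pass): string
{
    // A hash that matches no real password: it is verified when the user does
    // not exist, so both kinds of failure do the same amount of work.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }

    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();            // false when the user does not exist

    $matches = password_verify($pass, $stored === false ? $dummy : $stored);
    if (!$matches || $stored === false) {
        // One message for both cases: it does not reveal which names exist.
        return 'The username or the password is incorrect.';
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);           // new session id after signing in
    }
    $_SESSION['username'] = $user;
    return '';
}

// Step 5. Returns the page to redirect to, or null when the page may continue.
function guard_target(): ?string
{
    return empty($_SESSION['username']) ? 'ask_to_sign_in.php' : null;
}
// In the adding, updating and deleting pages, before any output:
//   session_start();
//   if (($to = guard_target()) !== null) { header("Location: $to"); exit; }

// Demonstration with constructed attempts (run from the command line).
$_SESSION = [];
echo 'before sign-in the guard sends to: ', guard_target() ?? '(page allowed)', "\n";
$attempts = [['ahmed', 'moon'], ['nobody', 'Moon#2024'], ['ahmed', 'Moon#2024']];
foreach ($attempts as [$user, $pass]) {
    $message = sign_in($db, $user, $pass);
    echo "$user: ", $message === '' ? 'signed in' : $message, "\n";
}
echo 'after sign-in the guard sends to: ', guard_target() ?? '(page allowed)', "\n";
```

The wrong password and the unknown user get the same message, and the guard allows the page only after the third attempt succeeds.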


Steps of creating a page:


- Open Expression Web and design a page called signin.php

- Insert a form and insert controls on it as in the screen below:

Figure (38) designing the interface of a user signing in page


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="en-us" http-equiv="Content-Language">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>Sign in</title>
</head>
<body dir="rtl">
<?php
// PHP code that is about the header page
include("header.php");
?>
<span lang="ar-eg"><strong>Sign in</strong></span>
<br>
<form name="admin" action="signin.php" method="post" enctype="multipart/form-data">
User name: <input name="user" type="text"><br><br><br>
Password: <input name="pass" type="password"><br>
<br>
<input name="submit1" type="submit" value="Enter">
</form>


The fourth subject

The website security precautions


Learning outcomes:


At the end of this subject the student will be able to:


1. Execute updates according to the session concept for a user, for the ability to update, add or delete in the database.
2. Practice the hyperlink process for the signing in and signing out pages of a user.
3. Employ the conditional statement (if) to confirm signing in.


For testing whether the signing in has been done or not:


- In case the signing in is done:
  - Add a welcome expression with the user name next to it.
  - Show a hyperlink for signing out.

- In case of not signing in, or opening the web page for the first time, we do the following:
  - Add a hyperlink for signing in.
  - Print the message "unregistered user".


header.php:

<html dir="rtl">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
...
<img height='161' src='images/banner.jpg' width='1267'>
</div>
<div style="width: 1256px;text-align:right">
...
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="search text.php">...</a>

(Callout in the figure: Add PHP code here.)


Figure (42) for updating in header page.


The PHP code that's added in the place referred to in the figure tests whether the user has signed in or not:


<?php
if (@$_SESSION['username'] == "")
{
echo ("<a href='signin.php'><span lang='ar-eg'>Sign in</span></a>");
echo ("&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;");
echo "Unregistered user";
$_SESSION['username'] = "";
}
else
{
echo ("<a href='signout.php'><span lang='ar-eg'>Sign out</span></a>");
echo ("&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;");
echo("You're welcome" . " " . $_SESSION['username']);
}
?>


Figure (43) Adding the hyperlink sign in through PHP code in header page


Explaining the code:


The conditional IF statement
if(@$_SESSION['username'] == "")


PHP language deals with the sign @ as a variable.
Remember that one of the PHP language rules is to put the sign $ before the variable name.


$_SESSION is a variable in the server memory for the certainty of whether the user has signed in or not.


IF statement condition
- It tests whether the user name equals null, which means it's empty and has no data. There are two cases, according to whether the condition is met or not.


- If the condition is true (yes):

"Sign in" becomes a hyperlink to the sign-in page called signin.php, many spaces are left, "the user isn't registered" is printed on the browser page, and then the session variable is given the null value by the code:

$_SESSION['username'] = "";

- If the if condition isn't true:

It means that the session contains a value, which is the user name. Then the sign out phrase becomes a hyperlink to the sign-out page called signout.php, many spaces are left, the welcome message "you're welcome" is printed on the browser page, then a space is left, and the user name that's stored in the session variable is written by the code:

echo("You're welcome" . " " . $_SESSION['username']);
Changing the code in update page:


Add the conditional statement in the marked place to test whether signing in has been completed or not. If the user hasn't signed in, we redirect to a page which says that signing in is required, and exit from the update page.


<?php
session_start();
?>
<html dir="rtl">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>Updating term</title>
</head>
<body>
<?php
include("header.php");
// A conditional statement is added here
?>
<h1><p>...</p></h1>
<?php
include("connection.php");
mysql_query("SET NAMES 'utf8'");
$sql="select * from terms";
$query=mysql_query($sql);
$num=mysql_num_rows($query);


Figure (44) Adding PHP code in the updating page allows only the user who has signed in to make changes


if($_SESSION['username'] == "")
{
header("Location: ask_to_sign_in.php");
exit;
}


It means that when no user has signed in, we redirect the user to a page called ask_to_sign_in.php and then exit from the code of the page.


The ask_to_sign_in.php page:
It's a page which is designed to show the user a message of what he has to do. It contains:

- A hyperlink to the page signin.php
- A hyperlink to the page reg.php


Use your experience to design the previous page and make the hyperlinks which are shown in it.


After changing the code, we add the same previous conditional statement at the beginning of the PHP code in the adding term page and also in the deleting term page.


The Fifth Subject


Securing the MySQL database


Learning outcomes:


At the end of the subject, it is expected that the student will be able to:


1. Mention ways to secure the database.

2. Discuss a large number of ideas to secure the database.

3. Change the user name and password in the database.
4. Explain the security codes and their aims.


Creating a password to secure the database: 


When XAMPP is installed, a user named root is created without a password. This
means that everyone can deal with the database, so it is important to create a
password to secure the database.


Remember the page known as connection.php:


<?php
$username="root";
$password="";
$database="term";
$server="localhost";

$connect=mysql_connect("$server","$username","$password");
if ($connect)
{
$select=mysql_select_db("$database") or die(" Uti! basti à AIS. lie");
}
else
{
echo("GUI! basti Jluasy! ay al");
}
?>


Figure (45) PHP code of the database connection page with weak security.


XAMPP for Windows 


Subject Status 
These XAMPP pages are accessible by network for everyone 
Every XAMPP demo page you are right now looking at is accessible for everyone over network. Everyone who knows your IP address can see these pages. 


The MySQL admin user root has NO password 
Every local user on Windows box can access your MySQL database with administrator rights. You should set a password. 


PhpMyAdmin is free accessible by network 


PhpMyAdmin is accessible by network without password. The configuration ‘httpd’ or ‘cookie’ in the “config.inc.php” can help. 


A FTP server is not running or is blocked by a firewall! 


Note the unsecure status of each item

Click to get to the page of changing the password


Figure (46) changing the user name, the password in the database. 


Study the previous screen carefully, then do what you are asked to do. The
following screen then appears:


Password changing 


Figure (47) Inserting a new password and confirming it to make the database more secure


From the previous figure, write the new password and confirm it, then click on
"Password changing".


Of course we must edit the password in connection.php as follows:


$password="HowTo_Design_php_web_site";


Notice:


The suggested password is chosen because it is difficult for a
web penetrator to guess.

The password should be difficult and complicated.

The password is not used anywhere except in the connection.php page.


